[PVE-User] Proxmox 4 - LXC container + private IP + postrouting rule = internet access issue
Michael JOIGNY
mjoigny at neteven.com
Thu Jun 30 15:18:13 CEST 2016
Hi pve users,
I'm new to this mailing list, so hi everybody.
I'm running a new server with proxmox 4 (4.4.10-1-pve) , i want to
migrate my containers from my proxmox 3 server.
I've followed this guide https://pve.proxmox.com/wiki/Convert_OpenVZ_to_LXC.
The migration for a container with two networks devices (eth0 = public
ip and eth1 = private ip) works (switching venet to eth).
This is my server configuration :
*vmbr0* Link encap:Ethernet HWaddr 0c:c4:7a:c4:e1:3e
inet addr:164.x.x.x Bcast:164.x.x.x Mask:255.255.255.0
inet6 addr: 2001:41d0:1008:1911::/64 Scope:Global
inet6 addr: fe80::ec4:7aff:fec4:e13e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2083999 errors:0 dropped:0 overruns:0 frame:0
TX packets:1584895 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9933515436 (9.2 GiB) TX bytes:270625982 (258.0 MiB)
*vmbr2* Link encap:Ethernet HWaddr 0c:c4:7a:c4:e1:3f
inet addr:172.25.x.x Bcast:172.25.x.x Mask:255.255.0.0
inet6 addr: fe80::ec4:7aff:fec4:e13f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:686889 errors:0 dropped:0 overruns:0 frame:0
TX packets:22767 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36857076 (35.1 MiB) TX bytes:1714452 (1.6 MiB)
*route
*Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 164.x.x.x 0.0.0.0 UG 0 0 0 vmbr0
164.x.x.x * 255.255.255.0 U 0 0 0 vmbr0
172.25.0.0 * 255.255.0.0 U 0 0 0 vmbr2
224.0.0.0 * 240.0.0.0 U 0 0 0 vmbr2*
*
This is my CT configuration with two interfaces (works) :
*eth0* Link encap:Ethernet HWaddr 3a:32:64:31:37:37
inet addr:5.x.x.x Bcast:5.x.x.x Mask:255.255.255.224
inet6 addr: fe80::3832:64ff:fe31:3737/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:775974 errors:0 dropped:0 overruns:0 frame:0
TX packets:100616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69195377 (65.9 MiB) TX bytes:39651385 (37.8 MiB)
*eth1* Link encap:Ethernet HWaddr 66:65:34:61:66:37
inet addr:172.25.x.x Bcast:172.25.x.x Mask:255.255.255.255
inet6 addr: fe80::6465:34ff:fe61:6637/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:679412 errors:0 dropped:0 overruns:0 frame:0
TX packets:22406 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:44403026 (42.3 MiB) TX bytes:10242758 (9.7 MiB)
*route *
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 5.x.x.x 0.0.0.0 UG 0 0 0 eth0
5.x.x.x * 255.255.255.224 U 0 0 0 eth0
172.25.0.0 * 255.255.0.0 U 0 0 0 eth1
*ping private network > ok
ping google > ok
*
However when i have a container with only one interface eth1 (private
ip) i can't reach internet while i have a postrouting rule like :
This is my CT configuration (not works) :
*eth1* Link encap:Ethernet HWaddr 32:61:65:34:30:31
inet addr:172.25.x.x Bcast:172.25.x.x Mask:255.255.255.255
inet6 addr: fe80::3061:65ff:fe34:3031/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:144622 errors:0 dropped:0 overruns:0 frame:0
TX packets:21624 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9773350 (9.3 MiB) TX bytes:3256302 (3.1 MiB)
*route*
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 eth1
*iptables postrouting rule *
iptables -t nat -A POSTROUTING -s 172.25.x.x/32 -o vmbr0 -j SNAT --to
server_host_ip
*ping private network > ok
ping google > KO *
*
*But the same configuration works on proxmox 3 ....*
*Can someone please help me ?*
*Regards.*
*
--
Michael J.
More information about the pve-user
mailing list